BLOG - Why We Need to Flip the Transaction Model

Data misuse at Facebook. Stolen social security numbers at Equifax. Exposure of private data at Aetna. That’s just the tip of the iceberg.

According to Identity Force, last year the world saw more data breaches than any year prior. On December 20th, the Identity Theft Resource Center (ITRC) reported that there were 1,293 total data breaches, compromising more than 174 million records. That’s 45% more breaches than 2016. This disturbing trend is only expected to continue for 2018.

What’s gone wrong?

We can safely conclude that the current model has not only failed, it’s snowballing out of control. Today institutions try to control authorization, and consumers are losing confidence. It's backwards and broken. If consumers had control, institutions would gain confidence. We need to flip the model.

The First Rule of Secrets

To get to the root of the problem, there are many places we can start. To frame the discussion in a context we can all relate to, let’s use social security numbers as an example. An SSN is an ID number, but possessing an SSN card should not be used to prove one’s identity – that’s authentication, and of course someone could have stolen the card.

Identification information is meant to be shared. Authentication information is not. The fact that SSNs aren’t publicly published made it convenient to assume they were also secret. So, knowing the number became like knowing a password. However, as everyone knows, SSNs aren’t a secret at all. Think of all the people you’ve shared your SSN with over the years – banks, doctor’s offices, employers, insurance companies, utilities, the DMV, and so on.

The first rule of secrets is to never share them. The more they are shared, the more opportunities there are for them to leak out. But given today’s model, once someone knows your SSN, they can open new accounts, file fraudulent tax returns, obtain medical care or prescriptions, or steal your benefits.

What We Really Care About Is Misuse

Consumers want their information protected, of course, but what they really care about is that it is not misused. Over-focus on hiding identifiers such as SSNs has happened at the expense of ensuring that they are not used fraudulently.

The misuse of identifiers as secrets isn’t limited to SSNs:

Credit and debit card numbers (with an accompanying fixed PIN) also need to be kept secret to combat fraud. Yet we freely share them with waiters, store clerks, and online shopping sites.

As long as you have the answer to “out of wallet” questions such as your mother’s maiden name, account numbers can be used to reset online banking passwords. The answers to these “secret” questions can be easily learned through social media and data breaches.

Knowing an online ID and password allows fraudsters to transfer money out of a bank or brokerage account.

Today, if an institution wants user permission, they generate a permission PIN that they send to the user … to send back to them! And we wonder why we still have fraud. The model is upside down:

Consumers don’t want the financial institution or a remote service to authorize their transactions – they want the ability to authorize themselves.

Fraud departments don’t want to be in the no-win position of having to guess if a transaction is legitimate. Being too permissive results in losses and being too restrictive results in client and business dissatisfaction.

How to Flip the Model

We believe the model needs to be completely flipped. Imagine if consumers could provide institutions with a Permission Code – a code that would enable consumers to tell institutions which transactions are authorized and which ones aren’t. This accomplishes the following:

Authorization is clearly distinguished from authentication, and the need to keep identifiers a secret is eliminated.

Authorization comes from the consumer and not the institution.

This consumer authorization contains limitations on how, when and where the Permission Code can be used – eliminating the opportunity for misuse.

The need for a central repository where passwords and usable PINs are kept is also eliminated.

The need for an outbound channel that is susceptible to being intercepted or redirected is eliminated.

With the Permission Code, consumers, not an institution, generate one-time PINs to authorize transactions. A usable Permission Code is not stored anywhere; it’s signed with a private key and verified with a public key. But the real magic is that the Permission Code is cryptographically bound to both the ID and the specific transaction. It has embedded within it restrictions that prevent it from being misused, even if intercepted. So, whether or not it remains a secret is moot.

Consumer Control

If a consumer authorizes an immediate wire transfer out of a specific account in a NY bank branch, for example, the Permission Code can’t be used for any other account, purpose, location, or time. Permission Codes are small enough to be client-friendly, but pack lots of information. No back-office changes to databases are needed; account numbers are still the identifier of choice and the Permission Code can be safely discarded once checked.
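The following Go program is an added illustration of the Permission Code properties described in the two paragraphs above (the cryptographic binding and the NY-branch wire example); it is not Authoriti's code or format. The consumer signs a record binding account, purpose, amount, branch and expiry with an Ed25519 private key; the institution verifies it with the consumer's public key and rejects the code for any other account, amount, location or time, and on replay. Field names, the choice of Ed25519 and JSON, and all sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"time"
)

// Permission is the consumer-authored authorization for one transaction (field names are assumptions).
type Permission struct {
	AccountID string `json:"account_id"` // identifier: shared freely, not a secret
	Purpose   string `json:"purpose"`    // e.g. "wire"
	Amount    int64  `json:"amount_cents"`
	Location  string `json:"location"`   // e.g. a branch code
	Expires   int64  `json:"exp"`        // unix seconds: when the code stops working
	Nonce     string `json:"nonce"`      // lets the institution make the code one-time
}

// Issue runs on the consumer's device: serialise the permission and sign it with
// the consumer's private key. The payload plus signature is the Permission Code.
func Issue(priv ed25519.PrivateKey, p Permission) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(p); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// Verify runs at the institution: the public key proves the consumer signed, then each embedded
// restriction is compared with the transaction actually requested and the nonce is burned (one-time use).
func Verify(pub ed25519.PublicKey, payload, sig []byte, account, purpose, location string,
	amount int64, now time.Time, used map[string]bool) bool {
	if !ed25519.Verify(pub, payload, sig) {
		return false // forged, or payload altered after signing
	}
	var p Permission
	if err := json.Unmarshal(payload, &p); err != nil {
		return false
	}
	if now.Unix() > p.Expires {
		return false // the window the consumer allowed has closed
	}
	if p.AccountID != account || p.Purpose != purpose || p.Amount != amount || p.Location != location {
		return false // a transaction the consumer did not authorize
	}
	if used[p.Nonce] {
		return false // replay of an already spent code
	}
	used[p.Nonce] = true
	return true
}
```

Because the institution only ever needs the consumer's public key, intercepting the code yields nothing usable outside the one transaction it names.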

Now consider the impact of applying the Permission Code to transactions that occur every day, all day long, at Facebook, Equifax, Aetna, and so on.

In this model, the consumer is able to control the use of his or her information instead of worrying about keeping it a secret. Institutions that process or share information gain confidence that the real owner authorized its use for the intended purpose. The chances of fraud and misuse are dramatically reduced. Rather than merely shifting fraud risk, our model seeks to eliminate risk completely.

We believe that multi-factor authorization based on consumer-generated secrets is a winning model, and one that should not only help make services less expensive, but that will also have a meaningful impact on reducing fraud.

Lou Steinberg is a Managing Partner at The Authoriti Network, https://authoriti.net.